Remove Virus Downadup.C , Conficker , Kido

Seperti yang kubahas di Microsoft vs Virus Downadup, Conficker, Kido tentang saling serang antara virus worm downadup, conficker, kido dengan Microsoft dengan beberapa perusahaan antivirus dan security. Dan Varian Virus Downadup.C , Conficker , Kido tentang munculnya varian baru virus downadup, conficker, kido yang ditemukan oleh beberapa perusahaan antivirus terkemuka.

Maka disini akan kami bahas, cara me remove varian dari virus ini yang dapat kita lakukan, walaupun untuk menuju remove yang benar-benar bersih masih dalam penyelidikan perusahaan antivirus terbesar terutama symantec

REMOVAL  BY SYMANTEC

1. Disable System Restore (Windows Me/XP).

When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

2. Update the virus definitions.

Running LiveUpdate, which is the easiest way to obtain virus definitions.

3. Find and stop the service.

1. Click Start > Run.
2. Type services.msc, and then click OK.
3. Locate and select the service that was detected.
4. Click Action > Properties.
5. Click Stop.
6. Change Startup Type to Manual.
7. Click OK and close the Services window.
8. Restart the computer.

4. Run a full system scan.

Start your antivirus program and make sure that it is configured to scan all the files. Run a full system scan. If any files are detected, follow the instructions displayed by your antivirus program. After the files are deleted, restart the computer in Normal mode and proceed with the next section. Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following :
Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

..

5. Delete any values added to the registry.

1. Click Start > Run.
2. Type regedit
3. Click OK.
4. Navigate to and delete the following registry subkeys :
   • HKCUSoftwareMicrosoftWindowsCurrentVersionExplorer[CLSID 1]
   • HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer[CLSID 1]
5. Navigate to and delete the following registry entries:
   • HKCUSoftwareMicrosoftWindowsCurrentVersionRun”[RANDOM CHARACTERS]” = “rundll32.exe “[RANDOM DLL FILE NAME]“, [RANDOM PARAMETER STRING]“
   • HKLMSYSTEMCurrentControlSetServices[RANDOM CHARACTERS]”ImagePath” = “%System%svchost.exe -k netsvcs”
   • HKLMSYSTEMCurrentControlSetServices[RANDOM CHARACTERS]Parameters”ServiceDll” = “[PATH TO THE THREAT]“
   • HKCUSoftwareMicrosoftWindowsCurrentVersionExplorer[CLSID 2]”[WORD 1][WORD 2]” = “[BINARY DATA]“
   • HKCUSoftwareMicrosoftWindowsCurrentVersionExplorer[CLSID 2]”[WORD 1][WORD 2]” = “[BINARY DATA]“
   • HKCUSoftwareMicrosoftWindowsCurrentVersionExplorer[CLSID 2]”[WORD 1][WORD 2]” = “[BINARY DATA]“
   • HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorer[CLSID 2]”[WORD 1][WORD 2]” = “[BINARY DATA]“
   • HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer[CLSID 2]”[WORD 1][WORD 2]” = “[BINARY DATA]“
   • HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer[CLSID 2]”[WORD 1][WORD 2]” = “[BINARY DATA]“
6. Restore the following registry entries to their previous values, if required:
   • HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun”Windows Defender”
   • HKLMSOFTWAREMicrosoftWindowsCurrentVersionexplorerShellServiceObjects{FD6905CE-952F-41F1-9A6F-135D9C6622CC}
   • HKLMSYSTEMCurrentControlSetControlSafeBoot
7. Exit the Registry Editor.

   Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.

Similiar Post

• Remove Downadup , Kido dan Conficker di Network
• Messenger – nhattruongquang.0catch.com
• Alert Conficker / Downadup / Kido on 1 April ?
• Varian Virus Downadup.C , Conficker , Kido
• Microsoft vs Virus Downadup, Conficker, Kido
• Retina Network Security Scanner – Pendeteksi Conficker / Downadup / Kido di Network
• PCMAV Express for Conficker
• Worm Windows Server Service RPC
• Remove Virus / worm W32.Downadup.B
• Sality Virus Terkenal di Indonesia

Popular Post

• HP Modem Smart Haier C700 dan ZTE C261, Internet Gratis 90 hari
• Mempercepat Akses Internet Smart Telecom
• Internet Gratis Indosat dan IM3
• Internet Unlimited Smart Jump dari Smart Telecom
• Mempercepat Akses Internet dengan cFosSpeed
• Internet Gratis PRO-XL, Your-Freedom & cFosSpeed
• Uji Coba Fitur BREW HP Haier C700 dan ZTE C261
• HP 3G Modem & Internet Akses CDMA dari Smart Telecom
• Install dan Setting Your Freedom
• Opera Mini Mod v.3.10

Random Post

• Internet Unlimited Flexinet dari Telkomflexi, Persaingan Internet Murah dimulai
• Dasar Grab Kurs BCA
• Point Blank – Game Online Indonesia dari Gemscool
• Remove Duplicate Content Google Webmasters
• Monitor.us External / Internal Monitoring & Visitors Tracking
• Sality Virus Terkenal di Indonesia
• Install & Download Yahoo Messenger 10 Standalone / Offline Mode
• Tip Trik – Kampanye Damai Pemilu Indonesia 2009
• Review Update Pagerank April 2009
• Internet Three [3] Gratis

Save Children

Ad by AdsMedia.cc

All about FaceBook

Comments